From 1255b51981ba5538f372e9b8a5df57e69a1ded88 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 16 Jun 2024 15:13:01 +0000 Subject: [PATCH] fix: deps/npm/node_modules/npm-normalize-package-bin/package.json & deps/npm/node_modules/npm-normalize-package-bin/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- deps/npm/node_modules/npm-normalize-package-bin/.snyk | 10 ++++++++++ .../npm-normalize-package-bin/package.json | 8 +++++++- 2 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 deps/npm/node_modules/npm-normalize-package-bin/.snyk diff --git a/deps/npm/node_modules/npm-normalize-package-bin/.snyk b/deps/npm/node_modules/npm-normalize-package-bin/.snyk new file mode 100644 index 00000000000000..8870cb3f488080 --- /dev/null +++ b/deps/npm/node_modules/npm-normalize-package-bin/.snyk @@ -0,0 +1,10 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - tap > import-jsx > @babel/core > lodash: + patched: '2024-06-16T15:12:59.880Z' + id: SNYK-JS-LODASH-567746 + path: tap > import-jsx > @babel/core > lodash diff --git a/deps/npm/node_modules/npm-normalize-package-bin/package.json b/deps/npm/node_modules/npm-normalize-package-bin/package.json index a331a682e74e02..dcd557680e86fe 100644 --- a/deps/npm/node_modules/npm-normalize-package-bin/package.json +++ b/deps/npm/node_modules/npm-normalize-package-bin/package.json @@ -10,12 +10,18 @@ "snap": "tap", "preversion": "npm test", "postversion": "npm publish", - "postpublish": "git push origin --follow-tags" + "postpublish": "git push origin --follow-tags", + "prepublish": "npm run snyk-protect", + "snyk-protect": "snyk-protect" }, "tap": { "check-coverage": true }, "devDependencies": { "tap": "^14.10.2" + }, + "snyk": true, + "dependencies": { + "@snyk/protect": "latest" } }